CISA Known Exploited Vulnerability

CVE-2020-8644

PlaySMS · PlaySMS

PlaySMS Server-Side Template Injection Vulnerability

Date added 2021-11-03

BOD 22-01 due date 2022-05-03

CWE CWE-94

Ransomware Unknown

CISA description

PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2020-8644

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

External lookups